6 matches found
EUVD-2021-8240
Malicious code in bioql PyPI...
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20828
The CVE-2021-20828 entry concerns the EC-CUBE 3.0 series plugin “Order Status Batch Change Plug-in” by ActiveFusions. The vulnerability is a cross-site scripting (CWE-79) flaw caused by insufficient validation of client-side data, allowing a remote attacker to inject arbitrary script via unspecif...
JVN#23406150: EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. Impact If a remote attacker injects a specially...